Mandatory age verification has created a stir among internet users after it landed in the UK at the end of July. Yet similar requirements are also coming to the US, state by state.
On the other side of the Atlantic, Brits have turned en masse to the best VPN[1] services to avoid scanning their face or passports to access their favorite apps. Age checks aren’t limited to adult-only websites. The likes of Reddit, X, Instagram, Roblox, and even Spotify must age-gate content defined as “legal but harmful.”
In the US, on a federal level, the Kids Online Safety Act (KOSA) is still under consideration after being reintroduced in Congress in May. Over 20 states have passed some form of age verification regulations, and others are in the process of doing the same.
The scope of these laws varies from state to state, and so do the rules.
Some previously focused on enforcing mandatory age checks on adult-only sites since at least 2023. Now, some states are in the process of beefing up regulations by targeting minors’ access to social media, harmful content, or both. And all in different ways.
“It’s just a mess,” a Senior Policy and Advocacy Expert at the Internet Society, John Perrino, told TechRadar. “And, frankly, it’s probably unlikely to provide any meaningful online safety protections for young people.”
A state-by-state legal mess
The unique issues around the US age verification laws lie in the fact that tech providers will be required to shape their service differently according to where their users are based. Let’s look at some examples.
The Mississippi regulation has made headlines recently as Bluesky exited the market[2] to avoid complying with the new rules that would force the social media provider to restrict access to the site for every unverified user.
Yet, the Twitter rival didn’t do so in South Dakota and Wyoming, where similar legislation has also passed. As Bluesky explains in an official announcement[3], “users in South Dakota and Wyoming can choose from multiple methods to verify their age.” An approach that, according to the company, “strikes the right balance.”
Tennessee has taken age verification requirements even further. It’s the only US state that requires anyone trying to access certain restricted websites or apps to upload their ID every 60 minutes[4].
Texas, Utah, and Louisiana are all examples of laws where age checks happen before downloading the app. While Kansas enacted a law in 2024[5] that requires sites where at least 25% of content is “harmful to minors” to verify users are 18 or older using a government-issued ID.
Backed by the likes of Google, Meta, and OpenAI, California‘s age verification proposal[6] would then require device makers and app stores to verify users’ age.
While this overview can only scratch the surface of the US age verification landscape – you can check the full list[7] put together by the Free Speech Coalition – it’s enough to show how complicated these policies are.
Not only logistic problems
“There are a lot of grey areas and, even though two dozen laws have been passed so far, we’re still figuring out what all of this means for people and online services,” Perrino told TechRadar.
Surely, though, issues aren’t limited to logistics. Similar to the UK age verification law[8], in fact, these requirements mean that citizens have to share their most sensitive pieces of information with tech providers – whether that’s their biometric details, banking accounts, or government-issued ID.
Considering that the US still lacks a comprehensive data protection legislation, this would occur while lacking strong accountability mechanisms against data misues.
Beyond privacy violations, such an invasive data collection could also cause security risks of this data being hacked or leaked.
Then there’s the broad language around “harmful but legal” content, worrying experts about the potential negative impact on Americans’ right to free speech and access to information.
Uploading government ID or biometric data is tremendously risky. Many consumers worry that such information could be stolen and used for identity theft or to access other systems. Help fight age verification laws in your state: https://t.co/mtHu7muYZ2 pic.twitter.com/48ANqPjAvoApril 21, 2025[9]
These concerns are exactly why every time a US state passes an age verification law, there’s a surge of VPN usage among citizens.
A virtual private network (VPN)[10] is a tool that both encrypts internet connections and spoofs IP addresses.
Picking a VPN server based in a country with no such requirements will allow users to access adult-only sites, social media platforms, and any other restricted websites without the need to scan their face or ID card.
This trend has fueled a debate around VPN blocking, with Michigan taking the hardest stance and proposing a requirement to ban the use of circumventing tools in its “Anticorruption of Public Morals Act[11]” proposal.
All in all, Perrino expects these laws to turn people away – all ages and not just minors – from services like social media platforms, which currently give them opportunities to connect, work, or stay informed.
Same problems, but different takes
While US states are busy discussing and enacting age verification requirements, the White House seems to be taking a two-sided approach to the matter.
The Congress has, in fact, resurrected the Kids Online Safety Act[12] (KOSA), which will impose a duty of care on online services to prevent and mitigate harms to minors.
A similar European legislation, however, the Digtal Service Act (DSA) was heavily criticised by both the US President Trump and the Federal Trade Commission (FTC).
As reported by Reuters[13], the Trump administration has considered imposing sanctions on the EU for censoring Americans and imposing higher costs on US tech firms under the DSA.
This pledge came only a few days after the FTC Chair Andrew Ferguson wrote a letter to 13 US Big Tech companies, asking them to resist UK and EU demands[14] to censor content.
What’s next?
While it is yet to be seen what the full impact on American users and tech companies would look like as more laws are enacted, digital rights experts believe that age verification is not the right solution to the children’s online safety conundrum.
“We do need better online safety protections, particularly for young people. Yet I think that the focus on age verification is misguided,” Perrino told TechRadar.
More efficient solutions may include better default protections for parents and young people that don’t invade their privacy and security. Education and media literacy are also needed to prepare both minors and adults to the dangers of having a digital life.
All in all, Perrino believes that such a splintered age verification policy landscape may be bound to fail, ultimately bringing more harm than good.
He said: “Technically, the internet is not divided state by state – nor necessarily, country by country. It’s a global internet. The patchwork of these age verification rules just won’t work for people, and it will change the internet as we know it.”
You might also like
References
- ^ best VPN (www.techradar.com)
- ^ Bluesky exited the market (www.techradar.com)
- ^ official announcement (bsky.social)
- ^ upload their ID every 60 minutes (eu.tennessean.com)
- ^ enacted a law in 2024 (www.kcur.org)
- ^ age verification proposal (www.politico.com)
- ^ check the full list (action.freespeechcoalition.com)
- ^ UK age verification law (www.techradar.com)
- ^ April 21, 2025 (twitter.com)
- ^ virtual private network (VPN) (www.techradar.com)
- ^ Anticorruption of Public Morals Act (www.techradar.com)
- ^ Kids Online Safety Act (www.congress.gov)
- ^ reported by Reuters (www.reuters.com)
- ^ resist UK and EU demands (www.techradar.com)